Adopting a Systemic Design Approach to Cyber Security Incident Response

Emma Woodward; Barnaby Craggs; Danae Stanton Fraser; Adam Joinson

doi:10.1145/3703465.3703471

Adopting a Systemic Design Approach to Cyber Security Incident Response

Emma Woodward, Barnaby Craggs, Danae Stanton Fraser, Adam Joinson

University of Bristol

Research output: Chapter or section in a book/report/conference proceeding › Chapter in a published conference proceeding

34 Downloads (Pure)

Abstract

Computer security incident response teams (CSIRTs) are critical to maintaining business continuity in the face of cyber-attacks. Yet there has been little research conducted in the last decade to understand the root causes of the challenges they face to sustain their effectiveness. Moreover, they operate in complex sociotechnical multiteam systems, making it challenging to understand the causes of problems and how to bring about improvements. This paper
proposes the use of a Systemic Design approach to develop a more in-depth understanding of the complex sociotechnical system(s) of cyber security incident response, in order to find intervention points that can be leveraged in one area to transition the whole system into a better state. We present the first steps of a case study that uses Gigamap workshops and in-depth interviews with a range of
stakeholders to frame the system and understand its effectiveness.

Original language	English
Title of host publication	2024 New Security Paradigms Workshop, NSPW 2024
Place of Publication	U. S. A.
Publisher	Association for Computing Machinery
Pages	71-83
Number of pages	13
ISBN (Print)	9798400711282
DOIs	https://doi.org/10.1145/3703465.3703471
Publication status	Published - 16 Jan 2025
Event	New Security Paradigms Workshop - Bedford, PA, USA, USA United States Duration: 16 Sept 2024 → 19 Sept 2024 https://www.nspw.org/2024

Workshop

Workshop	New Security Paradigms Workshop
Abbreviated title	NSPW
Country/Territory	USA United States
Period	16/09/24 → 19/09/24
Internet address	https://www.nspw.org/2024

Acknowledgements

The authors would like to thank all the NSPW attendees for their insightful input into the paper during the conference. We also wish to thank the NSPW peer reviewers for their feedback as well as Dr. Karen Renaud and Dr. Nilofar Mansourzadeh for acting as the pre-event and post-event shepherds for this paper.

Funding

This research work was funded by EPSRC Centre for Doctoral Training Studentship (EP/S022465/1).

Keywords

CSIRTs
Cyber security incident management
Systemic Design
Design methods
Systems Thinking
System Dynamics

Access to Document

10.1145/3703465.3703471Licence: CC BY

Adopting a Systemic Design Approach to Cyber Security Incident Response
This work is licensed under a Creative Commons Attribution International 4.0 License.
Final published version, 39.1 MBLicence: CC BY

Cite this

Adopting a Systemic Design Approach to Cyber Security Incident Response. / Woodward, Emma; Craggs, Barnaby; Stanton Fraser, Danae et al.
2024 New Security Paradigms Workshop, NSPW 2024. U. S. A.: Association for Computing Machinery, 2025. p. 71-83.

Research output: Chapter or section in a book/report/conference proceeding › Chapter in a published conference proceeding

@inproceedings{855203ac6961422ca72d6e12e2f286c7,

title = "Adopting a Systemic Design Approach to Cyber Security Incident Response",

abstract = "Computer security incident response teams (CSIRTs) are critical to maintaining business continuity in the face of cyber-attacks. Yet there has been little research conducted in the last decade to understand the root causes of the challenges they face to sustain their effectiveness. Moreover, they operate in complex sociotechnical multiteam systems, making it challenging to understand the causes of problems and how to bring about improvements. This paperproposes the use of a Systemic Design approach to develop a more in-depth understanding of the complex sociotechnical system(s) of cyber security incident response, in order to find intervention points that can be leveraged in one area to transition the whole system into a better state. We present the first steps of a case study that uses Gigamap workshops and in-depth interviews with a range ofstakeholders to frame the system and understand its effectiveness.",

keywords = "CSIRTs, Cyber security incident management, Systemic Design, Design methods, Systems Thinking, System Dynamics",

author = "Emma Woodward and Barnaby Craggs and {Stanton Fraser}, Danae and Adam Joinson",

year = "2025",

month = jan,

day = "16",

doi = "10.1145/3703465.3703471",

language = "English",

isbn = "9798400711282",

pages = "71--83",

booktitle = "2024 New Security Paradigms Workshop, NSPW 2024",

publisher = "Association for Computing Machinery",

address = "USA United States",

note = "New Security Paradigms Workshop, NSPW ; Conference date: 16-09-2024 Through 19-09-2024",

url = "https://www.nspw.org/2024",

}

TY - GEN

T1 - Adopting a Systemic Design Approach to Cyber Security Incident Response

AU - Woodward, Emma

AU - Craggs, Barnaby

AU - Stanton Fraser, Danae

AU - Joinson, Adam

PY - 2025/1/16

Y1 - 2025/1/16

N2 - Computer security incident response teams (CSIRTs) are critical to maintaining business continuity in the face of cyber-attacks. Yet there has been little research conducted in the last decade to understand the root causes of the challenges they face to sustain their effectiveness. Moreover, they operate in complex sociotechnical multiteam systems, making it challenging to understand the causes of problems and how to bring about improvements. This paperproposes the use of a Systemic Design approach to develop a more in-depth understanding of the complex sociotechnical system(s) of cyber security incident response, in order to find intervention points that can be leveraged in one area to transition the whole system into a better state. We present the first steps of a case study that uses Gigamap workshops and in-depth interviews with a range ofstakeholders to frame the system and understand its effectiveness.

AB - Computer security incident response teams (CSIRTs) are critical to maintaining business continuity in the face of cyber-attacks. Yet there has been little research conducted in the last decade to understand the root causes of the challenges they face to sustain their effectiveness. Moreover, they operate in complex sociotechnical multiteam systems, making it challenging to understand the causes of problems and how to bring about improvements. This paperproposes the use of a Systemic Design approach to develop a more in-depth understanding of the complex sociotechnical system(s) of cyber security incident response, in order to find intervention points that can be leveraged in one area to transition the whole system into a better state. We present the first steps of a case study that uses Gigamap workshops and in-depth interviews with a range ofstakeholders to frame the system and understand its effectiveness.

KW - CSIRTs

KW - Cyber security incident management

KW - Systemic Design

KW - Design methods

KW - Systems Thinking

KW - System Dynamics

U2 - 10.1145/3703465.3703471

DO - 10.1145/3703465.3703471

M3 - Chapter in a published conference proceeding

SN - 9798400711282

SP - 71

EP - 83

BT - 2024 New Security Paradigms Workshop, NSPW 2024

PB - Association for Computing Machinery

CY - U. S. A.

T2 - New Security Paradigms Workshop

Y2 - 16 September 2024 through 19 September 2024

ER -

Adopting a Systemic Design Approach to Cyber Security Incident Response

Abstract

Workshop

Acknowledgements

Funding

Keywords

Access to Document

Fingerprint

Cite this